ID CVE-2006-4339
Summary OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-10-2018 - 21:35)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
oval via4
accepted 2010-09-06T04:11:01.787-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
description OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
family unix
id oval:org.mitre.oval:def:11656
status accepted
submitted 2010-07-09T03:56:16-04:00
title OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
version 6
redhat via4
advisories
  • bugzilla
    id 430659
    title CVE-2006-4339 openssl signature forgery
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment openssl096b is earlier than 0:0.9.6b-22.43
            oval oval:com.redhat.rhsa:tst:20060661001
          • comment openssl096b is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661002
        • AND
          • comment openssl is earlier than 0:0.9.7a-43.11
            oval oval:com.redhat.rhsa:tst:20060661003
          • comment openssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661004
        • AND
          • comment openssl-devel is earlier than 0:0.9.7a-43.11
            oval oval:com.redhat.rhsa:tst:20060661005
          • comment openssl-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661006
        • AND
          • comment openssl-perl is earlier than 0:0.9.7a-43.11
            oval oval:com.redhat.rhsa:tst:20060661007
          • comment openssl-perl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661008
    rhsa
    id RHSA-2006:0661
    released 2006-09-06
    severity Important
    title RHSA-2006:0661: openssl security update (Important)
  • rhsa
    id RHSA-2007:0062
  • rhsa
    id RHSA-2007:0072
  • rhsa
    id RHSA-2007:0073
  • rhsa
    id RHSA-2008:0629
rpms
  • openssl-0:0.9.7a-33.18
  • openssl-0:0.9.7a-43.11
  • openssl-debuginfo-0:0.9.7a-33.18
  • openssl-debuginfo-0:0.9.7a-43.11
  • openssl-devel-0:0.9.7a-33.18
  • openssl-devel-0:0.9.7a-43.11
  • openssl-perl-0:0.9.7a-33.18
  • openssl-perl-0:0.9.7a-43.11
  • openssl096b-0:0.9.6b-16.43
  • openssl096b-0:0.9.6b-22.43
  • openssl096b-debuginfo-0:0.9.6b-16.43
  • openssl096b-debuginfo-0:0.9.6b-22.43
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el4
  • IBMJava2-JRE-1:1.3.1-12
  • IBMJava2-SDK-1:1.3.1-11
  • java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-demo-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-devel-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-src-1:1.5.0.3-1jpp.3.el4
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.1.1-3
  • rhn_solaris_bootstrap_5_1_1_3-0:1-0
refmap via4
apple
  • APPLE-SA-2006-11-28
  • APPLE-SA-2007-12-14
bea BEA07-169.00
bid
  • 19849
  • 22083
  • 28276
bugtraq
  • 20060905 rPSA-2006-0163-1 openssl openssl-scripts
  • 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
  • 20070110 VMware ESX server security updates
  • 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
cert TA06-333A
cert-vn VU#845620
cisco
  • 20061108 Multiple Vulnerabilities in OpenSSL Library
  • 20061108 Multiple Vulnerabilities in OpenSSL library
confirm
debian
  • DSA-1173
  • DSA-1174
freebsd FreeBSD-SA-06:19
gentoo
  • GLSA-200609-05
  • GLSA-200609-18
  • GLSA-200610-06
  • GLSA-201408-19
hp
  • HPSBMA02250
  • HPSBOV02683
  • HPSBTU02207
  • HPSBUX02153
  • HPSBUX02165
  • HPSBUX02186
  • HPSBUX02219
  • SSRT061181
  • SSRT061213
  • SSRT061239
  • SSRT061266
  • SSRT061273
  • SSRT061275
  • SSRT071299
  • SSRT071304
  • SSRT090208
jvn JVN#51615542
jvndb JVNDB-2012-000079
mandriva
  • MDKSA-2006:161
  • MDKSA-2006:177
  • MDKSA-2006:178
  • MDKSA-2006:207
misc
mlist
  • [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
  • [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
  • [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
openbsd [3.9] 20060908 011: SECURITY FIX: September 8, 2006
openpkg
  • OpenPKG-SA-2006.018
  • OpenPKG-SA-2006.029
osvdb 28549
sectrack
  • 1016791
  • 1017522
secunia
  • 21709
  • 21767
  • 21776
  • 21778
  • 21785
  • 21791
  • 21812
  • 21823
  • 21846
  • 21852
  • 21870
  • 21873
  • 21906
  • 21927
  • 21930
  • 21982
  • 22036
  • 22044
  • 22066
  • 22161
  • 22226
  • 22232
  • 22259
  • 22260
  • 22284
  • 22325
  • 22446
  • 22509
  • 22513
  • 22523
  • 22545
  • 22585
  • 22671
  • 22689
  • 22711
  • 22733
  • 22758
  • 22799
  • 22932
  • 22934
  • 22936
  • 22937
  • 22938
  • 22939
  • 22940
  • 22948
  • 22949
  • 23155
  • 23455
  • 23680
  • 23794
  • 23841
  • 23915
  • 24099
  • 24930
  • 24950
  • 25284
  • 25399
  • 25649
  • 26329
  • 26893
  • 28115
  • 31492
  • 38567
  • 38568
  • 41818
  • 60799
sgi 20060901-01-P
slackware
  • SSA:2006-257-02
  • SSA:2006-310-01
sunalert
  • 1000148
  • 102648
  • 102656
  • 102657
  • 102686
  • 102696
  • 102722
  • 102744
  • 102759
  • 200708
  • 201247
  • 201534
suse
  • SUSE-SA:2006:055
  • SUSE-SA:2006:061
  • SUSE-SA:2007:010
  • SUSE-SR:2006:026
ubuntu USN-339-1
vupen
  • ADV-2006-3453
  • ADV-2006-3566
  • ADV-2006-3730
  • ADV-2006-3748
  • ADV-2006-3793
  • ADV-2006-3899
  • ADV-2006-3936
  • ADV-2006-4205
  • ADV-2006-4206
  • ADV-2006-4207
  • ADV-2006-4216
  • ADV-2006-4327
  • ADV-2006-4329
  • ADV-2006-4366
  • ADV-2006-4417
  • ADV-2006-4586
  • ADV-2006-4744
  • ADV-2006-4750
  • ADV-2006-5146
  • ADV-2007-0254
  • ADV-2007-0343
  • ADV-2007-1401
  • ADV-2007-1815
  • ADV-2007-1945
  • ADV-2007-2163
  • ADV-2007-2315
  • ADV-2007-2783
  • ADV-2007-4224
  • ADV-2008-0905
  • ADV-2010-0366
xf openssl-rsa-security-bypass(28755)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:35
Published 05-09-2006 - 17:04
Last modified 17-10-2018 - 21:35